Hacker speaks directly to homeowner through NEST security camera

If you keep up to date on the latest smart home technology, then you’ve likely seen the expanding range of camera tech that’s designed to let you keep tabs on your house while you’re away. With both indoor and outdoor models available, you can integrate these products into your home with mobile applications — and in some cases voice features — to check up on your house, or monitor the door when visitors arrive in your absence.

But are these products entirely secure? In addition to high-tech models produced by recognisable brand names, there are cheap options, appealing for their low price points, which may not have the same stringent security. That said, can we even be sure that brand name products are secure, given how new this technology is?

Well, a story recently emerged from America in which a hacker remotely accessed a man’s home security camera, using it to speak to him directly through the microphone. More concerningly, the camera in question is a NEST cam, one of the leading brands in the smart home arena.

Hacker remotely accessed external security camera

A man based in Phoenix, Arizona believed that he was being robbed by a burglar when he heard an unknown voice coming from within his home. But it wasn’t a burglar, rather the voice was coming from his NEST security camera, which he’d recently installed at his front window. The homeowner, Andy Gregg, was told by the voice that his camera had been compromised rather than giving him additional security, and that his password has been leaked online. Essentially, he had been hacked.

Though clearly worrying for any homeowner, the hacker assured Andy that he wasn’t there to cause trouble. The stranger was what’s known in the security industry as a ‘white hat hacker’, a computer specialist who works to find security vulnerabilities that exist within computer systems. These professionals expose flaws so that security can be improved.

The voice said, ‘Please, please don’t be scared or frightened (…) We’re white hats, we don’t have any malicious intent. I just wanted to tell you so that you can change your password before someone tries to hack you and do something malicious.”

The live feed as seen by the hacker accessing the homeowner’s camera.

The hacker explained how Andy’s password had been exposed online, potentially giving more nefarious hackers access to his home’s smart devices. If the man had been using the same password for all his accounts online, as so many people do, then this could’ve been a huge security problem for him. What’s more, though the hacker couldn’t see exactly where the homeowner lived, he explained how somebody could access his location from information stored directly in the device’s I.P. address. If a hacker had access to your home’s camera feed and knew where you lived, then theoretically they could determine when you’re not at home and break in without you being aware.

NEST have responded to the incident to highlight how users should set up two-factor authentication to add improve security on their accounts. The company explained how there have been instances of Nest customers using old passwords that were previously obtained by hackers and exposed to the public. But they deny having any involvement or responsibility in the breaches.

Should you use smart home devices?

Millions of people are using smart home tech to automate simple tasks like switching on the lights, or setting cooking timers. There are heaps of other things that these devices can do, too, such as creating routines that perform multiple actions when you arrive home.

But there could yet be unknown security vulnerabilities that we haven’t seen. This is the first time in history where technology has been invented that could technically hand hackers a directly video and audio feed into millions of homes. We’re a big fan of the convenience that these devices can bring to your home, but you should be extra-secure if you choose to have a smart home setup.

Make sure you’re using a unique and secure password for all your devices, and use two-factor authentication wherever possible to protect against potential hacks.

If you need help and advice getting additional security set up on your accounts, or you’ve got some new smart home devices for Christmas and would like assistance getting them set up, then get in touch with WiseGuys. You can speak to a support agent by calling us on 0808 123 2820.